Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/eicbe_cp_OIXP3cdPGlj_R_VXOo.roa
File:                     eicbe_cp_OIXP3cdPGlj_R_VXOo.roa (raw, json)
Hash identifier:          uUjSdZdR6X+3tIZv5BJi8qNa8ISMiKzr9Rap0uBUR8M=
Subject key identifier:   7A:27:1B:7B:F7:29:FC:E2:17:3F:77:1D:3C:69:63:FD:1F:D5:5C:EA
Certificate issuer:       /CN=0548cedf17029ed98a108113c6c109ecaccd82ec
Certificate serial:       018CC649E59065F37003E86A31F378923959
Authority key identifier: 05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/eicbe_cp_OIXP3cdPGlj_R_VXOo.roa
Signing time:             Mon 01 Jan 2024 18:29:40 +0000
ROA not before:           Mon 01 Jan 2024 18:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197741
IP address blocks:        85.118.90.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 15:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:e5:90:65:f3:70:03:e8:6a:31:f3:78:92:39:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0548cedf17029ed98a108113c6c109ecaccd82ec
        Validity
            Not Before: Jan  1 18:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7a271b7bf729fce2173f771d3c6963fd1fd55cea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:8c:ac:07:fd:03:c7:10:62:2c:9f:cc:47:de:
                    87:e2:a7:ac:b1:b6:13:47:cc:a7:bc:af:63:c3:0f:
                    8b:af:9c:97:e4:a2:5a:06:b0:1e:be:84:96:dd:fc:
                    3d:a6:96:6d:91:ca:1f:f8:11:63:e5:8b:3b:48:20:
                    ab:57:56:e3:48:f0:9d:c3:b6:e8:69:cb:65:8a:f1:
                    cd:24:71:ed:99:79:f2:5b:c7:3b:f5:0e:bf:5c:b5:
                    b0:1c:56:c2:ad:a1:4a:41:3c:92:45:bd:29:c6:f4:
                    1e:78:ef:30:2f:a5:63:1a:d4:4b:2a:9d:49:61:99:
                    74:13:86:78:90:45:a2:f8:a0:13:c5:5a:86:eb:fc:
                    a7:b1:08:f8:1c:d5:c7:14:89:d6:cd:3a:e1:c7:fa:
                    71:97:1d:05:5d:5d:be:3e:74:15:4a:11:76:08:91:
                    b8:13:09:d0:49:c6:1f:c9:22:fc:87:a9:d9:69:a0:
                    c3:d7:da:5f:de:44:ad:15:66:2e:86:24:72:28:54:
                    7c:02:6c:33:f6:73:fc:26:a1:8b:bf:b3:7d:d0:21:
                    65:6a:54:02:e3:85:08:18:74:32:21:3e:92:8d:96:
                    73:cc:01:08:de:93:a5:86:fe:c3:8f:8e:20:be:ba:
                    0b:de:ae:10:c6:57:84:6f:b7:2f:72:70:20:38:5d:
                    6c:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:27:1B:7B:F7:29:FC:E2:17:3F:77:1D:3C:69:63:FD:1F:D5:5C:EA
            X509v3 Authority Key Identifier:
                keyid:05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/eicbe_cp_OIXP3cdPGlj_R_VXOo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.118.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:b9:bc:4d:e0:ed:cc:52:61:83:e1:ac:22:77:40:c7:fd:2e:
         ad:2d:5b:98:88:f1:27:8f:ad:f0:bc:d3:ae:b4:55:a5:5c:a5:
         1c:b8:08:f2:28:ce:b4:5c:ac:bd:1b:a5:91:51:a4:63:41:31:
         3e:ce:2b:5b:02:20:52:bf:a7:29:2e:7d:4d:ec:d1:e4:04:37:
         87:09:97:57:fc:52:9b:bf:81:0c:44:13:de:2c:b1:c0:b4:25:
         a6:91:b6:1f:58:3a:9a:a6:89:6f:2a:67:c2:e6:dc:77:bb:ea:
         2e:58:0a:e1:12:60:0f:c5:03:55:7a:c4:a6:32:77:83:6f:16:
         f8:7e:8e:ec:78:90:66:25:bc:94:13:db:cf:ca:9a:02:11:56:
         94:d3:89:d3:a0:ff:7e:07:2b:81:8d:f2:d6:5a:d0:14:b7:0b:
         96:2f:13:fb:10:d5:e1:a7:d0:1e:76:66:71:56:61:bb:3a:3c:
         cb:33:00:5c:fb:77:a7:4a:f2:cf:18:64:02:a5:95:7d:ce:7f:
         13:45:9e:76:92:52:c4:22:17:28:a9:24:7a:a1:b5:bf:ae:5a:
         ec:5a:10:7f:0f:f5:6f:b7:d8:0a:5d:73:4b:ef:86:27:0c:3f:
         af:5d:23:0a:fd:12:53:95:fc:e8:1f:14:43:97:1c:ef:3f:a0:
         9a:1a:8d:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSeWQZfNwA+hqMfN4kjlZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NDhjZWRmMTcwMjllZDk4YTEwODExM2M2YzEwOWVjYWNj
ZDgyZWMwHhcNMjQwMTAxMTgyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTI3MWI3YmY3MjlmY2UyMTczZjc3MWQzYzY5NjNmZDFmZDU1Y2VhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiIysB/0DxxBiLJ/MR96H4qessbYT
R8ynvK9jww+Lr5yX5KJaBrAevoSW3fw9ppZtkcof+BFj5Ys7SCCrV1bjSPCdw7bo
actlivHNJHHtmXnyW8c79Q6/XLWwHFbCraFKQTySRb0pxvQeeO8wL6VjGtRLKp1J
YZl0E4Z4kEWi+KATxVqG6/ynsQj4HNXHFInWzTrhx/pxlx0FXV2+PnQVShF2CJG4
EwnQScYfySL8h6nZaaDD19pf3kStFWYuhiRyKFR8Amwz9nP8JqGLv7N90CFlalQC
44UIGHQyIT6SjZZzzAEI3pOlhv7Dj44gvroL3q4QxleEb7cvcnAgOF1s3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHonG3v3KfziFz93HTxpY/0f1VzqMB8GA1UdIwQY
MBaAFAVIzt8XAp7ZihCBE8bBCeyszYLsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAt
N2ZiYmFlNmY5NDM3LzEvZWljYmVfY3BfT0lYUDNjZFBHbGpfUl9WWE9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAtN2ZiYmFlNmY5NDM3
LzEvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVXZaMA0G
CSqGSIb3DQEBCwUAA4IBAQBdubxN4O3MUmGD4awid0DH/S6tLVuYiPEnj63wvNOu
tFWlXKUcuAjyKM60XKy9G6WRUaRjQTE+zitbAiBSv6cpLn1N7NHkBDeHCZdX/FKb
v4EMRBPeLLHAtCWmkbYfWDqapolvKmfC5tx3u+ouWArhEmAPxQNVesSmMneDbxb4
fo7seJBmJbyUE9vPypoCEVaU04nToP9+ByuBjfLWWtAUtwuWLxP7ENXhp9AedmZx
VmG7OjzLMwBc+3enSvLPGGQCpZV9zn8TRZ52klLEIhcoqSR6obW/rlrsWhB/D/Vv
t9gKXXNL74YnDD+vXSMK/RJTlfzoHxRDlxzvP6CaGo2s
-----END CERTIFICATE-----